<?php include "../../db/dbconnect.php"; ?>
<?php
if(isset($_POST['nid'])){
	$nid = $_POST['nid'];
    $title = $_POST['title'];
    $content = $_POST['content'];
    $date = $_POST['date'];


    $update = "UPDATE news SET date=\"".$date."\", title=\"".$title."\", content=\"".$content."\" WHERE nid=".$nid;

    $result = mysql_query($update) or die(mysql_error());
}
?>
<html>
    <head>
		<link rel="stylesheet" href="../../css/admin.css" type="text/css" />
        <style type="text/css">
            body
            {
            background-color:#f5edd6;

            }
        </style>
        <script type="text/javascript">
          function updateNews() {
              nid = document.data.nid.value;
              title = document.data.title.value;
              content = document.data.content.value;
              date = document.data.date.value;
              if (window.XMLHttpRequest) {
                  xmlhttpCreate=new XMLHttpRequest();
              }
              else {
                  xmlhttpCreate=new ActiveXObject("Microsoft.XMLHTTP");
              }
              params = "nid="+nid+"&title="+title+"&content="+content+"&date="+date;
              xmlhttpCreate.open("POST","edit_news.php",false);
              xmlhttpCreate.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
              xmlhttpCreate.setRequestHeader("Content-length", params.length);
              xmlhttpCreate.setRequestHeader("Connection", "close");
              xmlhttpCreate.send(params);
              window.opener.location.reload(true);
          }
          </script>
    </head>
<body>
<?php if(isset($role) && $role == 'A'){?>

    <form name="data">
    <table class="admin_table" border="1">

<?php
    $nid = $_GET['nid'];
    $query = "SELECT * FROM news where nid = ".$nid;
    $result = mysql_query($query) or die(mysql_error());
    $row = mysql_fetch_array( $result );
    echo "<tr>\n";
    echo "<td width=100>News ID</td>\n";
    echo "<td width=600>";
    echo $nid;
    echo "<input type='hidden' name='nid' value='".$nid."'/>";
    echo "</td>\n";
    echo "</tr>\n";
    echo "<tr>\n";
    echo "<td width=200>Date</td>\n";
    echo "<td width=600>".$row['date'];
    echo "<input type='hidden' name='date' value='".$row['date']."'/>";
    echo "</td>\n";
    echo "</tr>\n";
    $name_query = "SELECT username from User where uid = ".$row['uid'];
    $name_result = mysql_query($name_query) or die(mysql_error());
    $poster_name = mysql_fetch_array( $name_result );
    echo "<tr>\n";
    echo "<td width=100>Author</td>\n";
    echo "<td width=600>";
    if($poster_name)
       echo $poster_name['username'];
    echo "</td>\n";
    echo "</tr>\n";
    echo "<tr>\n";
    echo "<td width=100>Title</td>\n";
    echo "<td width=600>";
    echo "<textarea name='title' cols='50' rows='1' >".$row['title']."</textarea>";
    echo "</td>\n";
    echo "</tr>\n";
    echo "<tr>\n";
    echo "<td width=100>Content</td>\n";
    echo "<td width=600>";
    echo "<textarea name='content' cols='50' rows='4' >".$row['content']."</textarea>";
    echo "</td>\n";
    echo "</tr>\n";
?>
    </table>
    <button type="button" onclick="updateNews()">Update!</button>
    </form>
<?php }else{?>
	<br><br>
	<p class="admin_head">This page is for administrator only.</p>
	<br><br>
<?php
}?>
</body>
</html>